Problem solve Get help with specific problems with your technologies, process and projects.

How transparent should a provider be with its cloud security policy?

Cloud security policy should make procedures clear without revealing all the technology at work, says cloud expert Mooney Sherman.

In terms of cloud security policy, where should we draw the line with transparency? How much should we divulge?

The policies, procedures, standards and controls should be clear, but you don't need to divulge the actual technologies used. How you report adherence to these policies needs to be thorough, however. A good cloud security policy should give customers access to historical data on performance, outages and the nature of breaches, as well as the remediation actions, if any, the provider has taken to mitigate or prevent similar problems in the future. You should also divulge the hiring practices of personnel and what background checks are conducted. For example, customers will want to know: Are background checks only conducted during the hiring process, or are they also conducted regularly during employment? Are the employees required to sign a non-disclosure agreement during and after the employment?

Dig Deeper on Managed security for the cloud